Yahoo Ads Flash Vulnerability Been Exploited By Hackers

Hackers have been sending malicious bits of code, through the network of Yahoo ads to many computers who use Yahoo services for the past seven days. The attack which began on the 28th of July 2015 was confirmed by Yahoo on Monday, 3rd of August 2015.

The attack is one of many attacks by hackers on advertising networks over the Internet. The hackers were able to carry out the attack due to the vulnerability of Adobe Flash, a popular program used for graphics. The software has always had security issues which are bugging company developers in Silicon Valley.

The attack was uncovered by Malwarebytes, a popular security company. According to Jerome Segura, a Malwarebytes security researcher, the flash vulnerability is presently being enjoyed by the hackers. He stated that to the hackers, the Flash software was a godsend.

Mr Jerome Segura believed only yahoo knows the exact number of individuals the malicious ad affected. He said that in recent times, the attack could easily be regarded as one of the biggest hacker attacks. Yahoo has, however, not stated the number of affected individuals.

Reacting to the attack, Adobe notified Flash software users to update their Adobe Flash software, to protect them from attacks of such nature. Many attacks by hackers are always carried out through outdated software installations which lack the latest security updates. This was made known by an Adobe Spokeswoman, Wiebke Lips.

The scheme was on Monday, shut down by Yahoo. The hackers were able to exploit the vulnerability by purchasing ads across the finance, news and sports websites of Yahoo. When a computer, using the Windows Operating System, is used to visit a yahoo website, a malware code is downloaded onto the computer.

See Also: Extremely popular chef worldwide, Jamie Oliver’s site served malware

The hackers then searched for Adobe Flash software that was outdated. The outdated Adobe Flash software gives them the ability to take control of a computer until they were paid a ransom. Alternatively, they used the software to discreetly generate traffic to other websites, where the hackers could benefit from, financially.

A Bromium Labs malware research, Vadim Kotov, noted that it is very profitable to attack visitors to Yahoo websites due to the large number of Internet users who use Yahoo services. He stated that it is not surprising for a website like Yahoo to be attacked. Bromium Labs was not the company who uncovered the attack.

Other researchers including Mr Kotov stated that in recent times, there has been a sharp increase on the number of attacks witnessed by advertising networks. The hackers are able to use the aspect of the advertising networks, which allows adverts to be directed to particular demographics of users on the Internet to locate machines that are vulnerable.

Must Read: What is Malvertising and How to Protect Yourself from Such a Threat?

Yahoo, who has confirmed the attack, released a statement saying that the attack is not nearly as big as it was portrayed by Malwarebytes.

According to the Yahoo Spokesperson, Yahoo takes seriously, every form of security threat. Having said that, she stated that the initial reports by the media were grossly exaggerated compared to the actual nature of the attack. Yahoo is determined to continue the probe of the attack.

Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.